Identity Based Proxy Signature from RSA without Pairings
|
|
- Derick Warren
- 5 years ago
- Views:
Transcription
1 International Journal of Network Security, Vol.19, No.2, PP , Mar (DOI: /IJNS (2).07) 229 Identity Based Proxy Signature from RSA without Pairings Lunzhi Deng, Huawei Huang, and Yunyun Qu (Corresponding author: Lunzhi Deng) School of Mathematics Science, Guizhou Normal University Guiyang , China ( (Received Sept. 16, 2015; revised and accepted Jan. 23 & Mar. 29, 2016) Abstract RSA is a key cryptography technique and provides various interfaces for the applied software in real-life scenarios. Although some good results were achieved in speeding up the computation of pairing function in recent years, the computation cost of the pairings is much higher than that of the exponentiation in a RSA group. So it is still interesting to design efficient cryptosystems based on RSA primitive. A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer within a given context. Most identity based proxy signature schemes currently known employ bilinear pairings. In this paper, an identity based proxy ring signature (IBPS) scheme from RSA without pairings is constructed, and the security is proved under the random oracle model. Keywords: Identity based cryptography, proxy signature, RSA 1 Introduction Public key cryptography is an important technique to realize network and information security. In traditional public key infrastructure, each user generates his own secret and public keys [13]. A certification authority must sign a digital certificate which links the identity of the user and his public key. The validity of this certificate must be checked before using the public key of the user, when encrypting a message or verifying a signature. Obviously, the management of digital certificates decreases the efficiency of practical implementations of public key cryptosystem. To solve the problem, Shamir [21] defined a new public key paradigm called identity-based public key cryptography. In this system, each user needs to register at a trusted private key generator (PKG) with identity of himself before joining the network. Once a user is accepted, the PKG will generate a private key for the user and the user s identity (e.g., user s name or address) becomes the corresponding public key. In order to verify a digital signature or send an encrypted message, a user needs to only know the identity of communication partner and the public key of the PKG [20]. Shamir [21] proposed an identity-based signature scheme from the RSA primitive. Guillou and Quisquater [6] proposed a similar RSA identity-based signature scheme, which is constructed from a zeroknowledge identification protocol. Herranz [8] proposed an identity-based ring signatures from RSA whose security is based on the hardness of the RSA problem. After initial schemes, the following breakthrough result in the area of identity-based cryptography came in 2001, when Boneh and Franklin [2] designed an efficient identitybased public key encryption scheme. In the design, they used as a tool bilinear pairings, a kind of maps which can be constructed on some elliptic curves. Using bilinear pairings, a lot of identity-based schemes have been proposed for encryption, signature, key agreement, etc. However, it is still desirable to find schemes for identity-based scenarios which do not need to employ bilinear pairings. The concept of proxy signatures was first introduced by Mambo et al. [16]. Based on the delegation type, proxy signature schemes are classified into three types: full delegation, partial delegation and delegation by warrant. In a full delegation scheme, the original signer s private key is given to the proxy signer. Hence the proxy signer has the same signing right as the original signer. Obviously, such schemes are impractical and insecure for most of realworld settings. In a partial delegation scheme, a proxy signer has a new key, called proxy private key, which is different from the original signer s private key. Although proxy signatures generated by using proxy private key are different from the original signer s standard signatures, the proxy signer is not limited on the range of messages he can sign. This weakness is eliminated in delegation by warrant schemes. One of the main advantages of the use of warrants is that it is possible to include any type of security policy (that specifies what kinds of messages are delegated, and may contain other information, such as the identities of the original signer and the proxy signer, the
2 International Journal of Network Security, Vol.19, No.2, PP , Mar (DOI: /IJNS (2).07) 230 delegation period, etc.) in the warrant to describe the restrictions under which the delegation is valid. Therefore, proxy signature schemes which use the method of this approach attract a great interest, and it is often expected that new proxy signature schemes will implement the functionality of warrants. In order to adapt different situations, many proxy signature variants are produced, such as one-time proxy signature, proxy blind signature, multi-proxy signature, and so on. Using bilinear pairings, people proposed many new ID-based proxy signature (IBPS) scheme [1, 4, 5, 9, 10, 11, 14, 15, 17, 18, 19, 24, 25, 26]. All the above IBPS schemes are very practical, but they are based on bilinear pairings and the pairing is regarded as the most expensive cryptography primitive. Recently, He et al. [7] proposed an ID-based proxy signature schemes without bilinear pairings. Tiwari and Padhye [22] proposed a provable secure multi-proxy signature scheme without bilinear maps. Kim et al. [12] constructed a provably secure ID-based proxy signature scheme based on the lattice problems. The computation cost of the pairings is much higher than that of the exponentiation in a RSA group. Therefore, IBPS schemes based on RSA primitive would still be appealing. 2 Preliminaries The notations of this paper are listed in the following: N: A large composite number, the product of two prime numbers p, q. b: A prime number satisfying gcd(b, ϕ(n)) = 1. p, q, a: The master key satisfying N = pq and a = b 1 mod ϕ(n). ID i /D i : The user s identity /private key. ID o /D o : The original signer s identity/private key. ID p /D p : The proxy signer s identity/private key. m w : The warrant consisting of the identities of original signer and proxy signer, the delegation duration and so on. π: The proxy delegation. H 0, H 1, H 2 : Three hash functions. We define the RSA problem as follows. Definition 1. Let N = pq, where p and q are two k- bit prime numbers. Let b be a random prime number, greater than 2 l for some fixed parameter l, such that gcd(b, ϕ(n)) = 1. Given Y ZN, RSA problem is to find X ZN such that Xb = Y mod N. An identity based proxy signature scheme consists of the following six algorithms: Setup: This algorithm takes as input a security parameter k, then returns params (system parameters) and a randomly chosen master secret key msk. After the algorithm is performed, the PKG publishes the system parameters params and keeps the master key msk secret. Key extract: This algorithm takes as input params, msk, identity ID i {0, 1} of an entity, and returns a private key D i. The PKG carries out the algorithm to generate the private key D i and send D i to the corresponding owner ID i via a secure channel. Delegate: This algorithm takes as input the params, original signer s private key D o, a warrant m w and outputs the delegation π. Delegation verify: This algorithm takes as input params, π and verifies whether π is a valid delegation from the original signer. Proxy sign: This algorithm takes as input the params, proxy signer s private key D p, delegation π, a message m and outputs the proxy signature σ. Proxy signature verify: This algorithm takes as input the original signer s identity ID o, the proxy signer s identity ID p, a proxy signature σ, and outputs 1 if the proxy signature is valid or 0 otherwise. Definition 2. An identity based proxy signature scheme is unforgeable(unf-ibps) if no polynomially bounded adversary has a non-negligible advantage in the following game. Game. Now we illustrate the game performed between a challenger C and a adversary A for an identity based proxy signature scheme. Initialization. C runs the setup algorithm to generate a master secret key msk and the public system parameters params. C keeps msk secret and gives params to A. Query. A performs a polynomially bounded number of queries. These queries may be made adaptively, i.e. each query may depend on the answers to the previous queries. Hash functions query: A can ask for the values of the hash functions for any input. Key query: When A requests the private key of the user ID i, C responds with the private key D i. Delegation query: When A submits original signer s identity ID o and a warrant m w to the challenger, C responds by running the delegate algorithm on the warrant m w, the original signer s private key D o.
3 International Journal of Network Security, Vol.19, No.2, PP , Mar (DOI: /IJNS (2).07) 231 Proxy signature query: When A submits original signer s identity ID o, proxy signer s identity ID p, a warrant m w and a message m to the challenger, C responds by running the proxy sign algorithm on the message m, the warrantm w, the private keys D o and D p. Forge. A outputs a tuple (π, ID o ) or (m, m w, σ, ID o, ID p ). A wins the game, if one of the following cases is satisfied: Case 1: The final output is (π, ID o ) and it satisfies: 1) π is a valid delegation. 2) A does not query the original signer ID o s private key. 3) π is not generated from the delegation query. Case 2: The final output is (m, m w, σ, ID o, ID p ) and it satisfies: 1) σ is a valid proxy signature. 2) A does not query the original signer ID o s private key. 3) The tuple (ID o, ID p, m w) is not appear in delegation query. 4) σ is not generated from the proxy signature query. Case 3: The final output is (m, m w, σ, ID o, ID p ) and it satisfies: 1) σ is a valid proxy signature. 2) A does not query the proxy signer ID p s private key. 3) σ is not generated from the proxy signature query. The success probability of A is defined as: UNF IBP S Succ = P r[a win]. A 3 The Proposed Scheme Setup: Given security parameters k, a trusted private key generator (PKG) generates two random k-bit prime numbers p and q. Then it computes N = pq. For some fixed parameter l (for example l = 200), chooses at random a prime number b satisfying 2 l < b < 2 l+1 and gcd(b, ϕ(n)) = 1, and computes a = b 1 mod ϕ(n). Furthermore, PKG chooses cryptographic hash functions described as follows: H 0 : {0, 1} ZN, H 1 : {0, 1} ZN Z b and H 2 : {0, 1} ZN Z N Z b. The set of public parameters is: params = {N, b, H 0, H 1, H 2 }, the secret information stored by PKG is master-key=(p, q, a). Key extract: For an identity ID i {0, 1}, PKG computes D i = Q a i, Q i = H 0 (ID i ) and sends D i to the user ID i via a secure channel. Delegate: m w is the warrant consisting of the identities of original signer and proxy signer, the delegation duration and so on. On input the warrant m w, the original signer ID o, whose private key is D o, performs the following steps: 1) Randomly selects A Z N, computes T = A b mod N, h = H 1 (m w, T ). 2) Computes R = AD h o mod N. 3) Outputs π = (m w, T, R) as the delegation. Delegation verify: To verify a delegation π = (m w, T, R) for an identity ID o, the verifier performs the following steps: 1) Computes h = H 1 (m w, T ). 2) Checking whether R b = T Q h o mod N. If the equality holds, accepts the delegation. Otherwise, rejects. Proxy sign: For a message m, the proxy signer (whose identity is ID p ) who owns the delegation π = (m w, T, R) does the following: 1) Randomly selects B Z N, computes S = B b mod N, k = H 2 (m, m w, T, S). 2) Computes Z = RBD k p mod N. 3) Outputs the signature σ = (m, m w, T, S, Z). Proxy signature verify: To verify the validity of a proxy signature (where the original singer s identity is ID o, the proxy singer s identity is ID p ), a verifier first checks whether the original signer and proxy signer conform to m w, then performs the following steps. 1) Computes h = H 1 (m w, T ) and k = H 2 (m, m w, T, S). 2) Checking whether Z b = T SQ h oq k p mod N. If the equality holds, outputs 1. Otherwise, outputs 0. On correctness, we have Z b = (RBD k p) b = R b B b D bk p = T SQ h oq k p. 4 Security of The Proposed Scheme Theorem 1. The scheme is unforgeable against the adversary in randomly oracle model if the RSA problem is hard. Proof. Suppose the challenger C receives a random instance (N, b, Y ) of the RSA problem and and has to find an element X Z N such that Xb = Y. C will run A as a subroutine and act as A s challenger in the UNF-IBPS game.
4 International Journal of Network Security, Vol.19, No.2, PP , Mar (DOI: /IJNS (2).07) 232 Initialization. At the beginning of the game, C runs the setup program with the parameter k, gives A the system parameters params={n, b, H 0, H 1, H 2 }. Queries. Without loss of generality, it is assumed that all the queries are distinct and A will ask for H 0 (ID) before ID is used in any other queries. C will set several lists to store the queries and answers, all of the lists are initially empty. H 0 queries: C maintains the list L 0 of tuple (ID i, A i ). When A makes a query H 0 (ID i ), C responds as follows. At the j th H 0 query, C set H 0 (ID ) = Y. For i j, C randomly picks a value A i ZN and sets H 0 (ID i ) = A b i, then the query and the answer will be stored in the list L 0. H 1 queries: C maintains the list L 1 of tuple (α i, h i ). When A makes a query H 1 (α i ). C randomly picks a value h i Zb and sets H 1 (α i ) = h i, then the query and the answer will be stored in the list L 1. H 2 queries: C maintains the list L 2 of tuple (β i, k i ). When A makes a query H 2 (β i ). C randomly picks a value k i Zb and sets H 2 (β i ) = k i, then the query and the answer will be stored in the list L 2. Key extraction queries: C maintains the list L K of tuple (ID i, D i ). When A makes private key extraction query for identity ID i. If ID i = ID, C fails and stops. Otherwise C finds the tuple (ID i, A i ) in list L 0 and returns D i = A i to A. Delegate queries: When A submits ID o, ID p and m w to challenger. C outputs a delegation as follows. If ID o ID, C gives a delegation by calling the delegate algorithm. Otherwise, C does as follows. 1) Randomly selects A Z N and h Z b. 2) Computes T = A b Q h o and R = A. 3) Stores the relation h = H 1 (m w, T ). If collision occurs, repeats Steps (1)-(3). 4) Outputs π = (m w, T, R) as the delegation. Proxy signature queries. When A submits a delegation π = (m w, T, R) message m to the challenger. C outputs an identity based proxy signature as follows. If ID p ID, C gives a signature by calling the proxy sign algorithm. Otherwise, C does as follow. 1) Randomly selects B ZN and k Z b. 2) Computes S = B b Q k p and Z = RB. 3) Stores the relation k = H 2 (m, m w, T, S). If collision occurs, repeats Steps (1)-(3). 4) Outputs the proxy signature σ = (m, m w, T, S, Z). Forge. A outputs a tuple {π = (m w, T, R), ID o } or {σ = (m, m w, T, S, Z), ID o, ID p }. There are three cases to consider: Case 1. The final output is {π = (m w, T, R), ID o } and the output satisfies the requirement of Case 1 as defined in UNF-IBPS game. Solve RSA problem. In fact, π is the signature on m w by ID o. By the forking lemma for generic signature scheme [3], two delegations can be generated: (m w, T, R) and (m w, T, R ). Where h = H 1 (m w, T ), h = H 1(m w, T ). If ID o = ID, RSA problem can be solved as follow: The relation becomes (R R 1 ) b = Y h h mod N. Since h, h Z b, then h h < b. By the element b is a prime number, so it holds gcd(b, h h) = 1. This means that there exist two integers c and d such that cb + d(h h) = 1. Finally, the value X = (R R 1 ) d Y c mod N is the solution of the given instance of the RSA problem. In effect, X b = (R R 1 ) bd Y bc = Y d(h h) Y bc = Y cb+d(h h) = Y. Probability. Let q Hi (i = 0, 1, 2), q K, q D and q S be the number of H i (i = 0, 1, 2) queries, private key queries, delegating queries and proxy signing queries, respectively. The probability that C does not fail during the queries is q H 0 q K. The probability that ID o = ID 1 is q K. So the combined probability is q H 0 q K 1 q K = 1. Therefore, the probability of C to solve the RSA problem is: ɛ. Case 2. The final output is {σ = (m, m w, T, S, Z), ID o, ID p } and the output satisfies the requirement of Case 2 as defined in UNF-IBPS game. Solve RSA problem. By the forking lemma for generic signature scheme [3], two proxy signatures can be generated: (m, m w, T, S, Z) and (m, m w, T, S, Z ). Where k = k = H 2 (m, m w, T, S), h = H 1 (m w, T ), h = H 1(m w, T ), and h h. If ID o = ID, RSA problem can be solved as follow: The relation becomes (Z Z 1 ) b = Y h h mod N. Since h, h Z b, the that h h < b. By the element b is a prime number, so it holds gcd(b, h h) = 1. This means that there exist two integers c and d such that cb + d(h h) = 1. Finally, the value X = (Z Z 1 ) d Y c mod N is the solution of the given instance of the RSA
5 International Journal of Network Security, Vol.19, No.2, PP , Mar (DOI: /IJNS (2).07) 233 problem. In effect, X b = (Z Z 1 ) bd Y bc = Y d(h h) Y bc = Y cb+d(h h) = Y. Probability. Probability of success is same as the probability in Case 1. Case 3. The final output is {σ = (m, m w, T, S, Z), ID o, ID p } and the output satisfies the requirement of Case 3 as defined in UNF-IBPS game. Solve RSA problem. By the forking lemma for generic signature scheme [3], two proxy signatures can be generated: (m, m w, T, S, Z) and (m, m w, T, S, Z ). Where h = h = H 1 (m w, T ), k = H 2 (m, m w, T, S), k = H 2(m, m w, T, S), and k k. If ID p = ID, RSA problem can be solved as follow: The relation becomes (Z Z 1 ) b = Y k k mod N. Since k, k Z b, then k k < b. By the element b is a prime number, so it holds gcd(b, k k) = 1. This means that there exist two integers c and d such that cb + d(k k) = 1. Finally, the value X = (Z Z 1 ) d Y c mod N is the solution of the given instance of the RSA problem. In effect, X b = (Z Z 1 ) bd Y bc = Y d(k k) Y bc = Y cb+d(k k) = Y. Probability. Probability of success is same as the probability in Case 1. 5 Efficiency and Comparison In this section, we compare the performance of our scheme with several other schemes. some notations are defined as follows: P : a pairing operation. E M : a modular exponentiation. M P : a pairing-based scalar multiplication. M E : an ECC-based scalar multiplication. Through PIV 3-GHZ processor with 512-MB memory and a Windows XP operation system. He et al. [7] obtained the running time for cryptographic operations. To achieve 1024-bit RSA level security, they use the Tate pairing defined over a supersingular curve E/F p : y 2 = x 3 +x with embedding degree 2, where q is a 160-bit Solinas prime q = and p is a 512-bit prime satisfying p + 1 = 12qr. To achieve the same security level, they employed the parameter secp160r1 [23], where p = The running times are listed in Table 1. A simple method is used to evaluate the computation efficiency. For example, Wu et al. s [25] scheme requires 6 pairing-based scalar multiplication operations and 8 pairing operations. So the resulting computation time is = Table 1: Cryptographic operation time (in milliseconds) P E M M P M E Based on the above parameter and ways, the detailed comparison results of several different IBPS schemes are illustrated in Table 2. 6 Conclusion A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer within a given context. Most IBPS schemes currently known employ bilinear pairings. RSA is a key cryptography technique and provides various interfaces for the applied software in reallife scenarios. Although some good results were achieved in speeding up the computation of pairing function in recent years, the computation cost of the pairings is much higher than that of the exponentiation in a RSA group. In this paper, an IBPS scheme from RSA was proposed and the security was proved in the random oracle model. The scheme needs not pairings and it is more efficient than previous ones using bilinear pairings. Due to the good properties of our scheme, it should be useful for practical applications. Acknowledgments This research is supported by the National Natural Science Foundation of China under Grants , , The authors gratefully acknowledge the anonymous reviewers for their valuable comments. References [1] A. Boldyreva, A. Palacio, and B. Warinschi, Secure proxy signature scheme for delegation of signing rights, IACR eprint Archive, ( eprint.iacr.org/2003/096/) [2] D. Boneh and M. Franklin, Identity-based encryption from the weil pairing, SIAM Journal of Computing, vol. 32, no. 3, pp , [3] M. Bellare and G. Neven, Multisignatures in the plain publickey model and a general forking lemma, in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 06), pp , [4] C. Gu and Y. Zhu, Provable security of ID-based proxy signature schemes, in Networking and Mobile Computing, LNCS 3619, pp , Springer, [5] C. Gu and Y. Zhu, An efficient ID-based proxy signature scheme from pairings, in Proceedings of Inscrypt 07, LNCS 4990, Springer, pp , 2007.
6 International Journal of Network Security, Vol.19, No.2, PP , Mar (DOI: /IJNS (2).07) 234 Table 2: Comparison of several IBPS schemes Scheme Delegate D-Verify Proxy signing P-Verify Time Wu et al. [25] 2M P 3P 4M P 5P Gu et al. [5] 4M P 4M P + P 2M P 4M P + P Ji et al. [11] 3M P 2P 3M P M P + 2P He et al. [7] M E 3M E M E 6M E Our scheme 2E M 2E M 2E M 2E M [6] L. C. Guillou and J. J. Quisquater, A paradoxical identity-based signature scheme resulting from zeroknowledge, in Proceedings of Crypto 88, LNCS 403, pp , [7] D. B. He, J. H. Chen, and J. Hu, An ID-based proxy signature schemes without bilinear pairings, Annual Telecommunications, vol. 66, pp , [8] J. Herranz, Identity-based ring signatures from RSA, Theoretical Computer Science, vol. 389, pp , [9] M. S. Hwang, E. J. L. Lu, and I. C. Lin, A practical (t, n) threshold proxy signature scheme based on the RSA cryptosystem, IEEE Transactions On Knowledge and Data Engineering, vol. 15, no. 6, pp , [10] X. Hu, W. Tan, H. Xu, and J. Wang, Short and provably secure designated verifier proxy signature scheme, IET Information Security, vol. 10, no. 2, pp , [11] H. Ji, W. Han, and L. Zhao, An identity-based proxy signature from bilinear pairings, in WASE International Conference on Information Engineering, pp , [12] K. S. Kim, D. Hong, and I. R. Jeong, Identity-based proxy signature from lattices, Journal Of Communications and Networks, vol. 15, no. 1, pp. 1 7, [13] A. V. N. Krishna, A. H. Narayana, K. M. Vani, Window method based cubic spline curve public key cryptography, International Journal of Electronics and Information Engineering, vol. 4, no. 2, pp , [14] B. Lee, H. Kim, and K. Kim, Strong proxy signature and its applications, in Proceedings of SCIS 01, pp , [15] J. Y. Lee, J. H. Cheon, and S. Kim, An analysis of proxy signatures: Is a secure channel necessary? in Proceedings of CT-RSA 03, LNCS 2612, pp , Springer, [16] M. Mambo, K. Usuda, and E. Okamoto, Proxy signature: Delegation of the power to sign messages, IEICE Transactions on Fundamentals, vol. E79-A, no. 9, pp , [17] T. Malkin, S. Obana, and M. Yung, The hierarchy of key evolving signatures and a characterization of proxy signatures, in Proceedings of EU- ROCRYPT 04, LNCS 3027, pp , Springer, [18] S. Mashhadi, A novel non-repudiable threshold proxy signature scheme with known signers, International Journal of Network Security, vol. 15, no. 4, pp , [19] T. Okamoto, A. Inomata, and E. Okamoto, A proposal of short proxy signature using pairing, in International Conference on Information Technology (ITCC 05), pp , [20] K. R. Santosh, C. Narasimham, and P. Shetty, Cryptanalysis of multi-prime RSA with two decryption exponents, International Journal of Electronics and Information Engineering, vol. 4, no. 1, pp , [21] A. Shamir, Identity-based cryptosystem and signature scheme, in Advances in Cryptology (Crypto 84), LNCS 196, pp , Springer, [22] N. Tiwari and S. Padhye, Provable secure multiproxy signature scheme without bilinear maps, International Journal of Network Security, vol. 17, no. 6, pp , [23] The Certicom Corporation, SEC2: Recommended Elliptic Curve Domain Parameters, (www. secg.org/collateral/sec2-final.pdf) [24] G. Wang, F. Bao, J. Zhou, and R. H. Deng, Security analysis of some proxy signatures, in Proceedings of ICISC 03, LNCS 2971, pp , Springer, [25] W. Wu, Y. Mu, W. Susilo, J. Seberry, and X. Y. Huang, Identity-based proxy signature from pairings, in Proceedings of ATC 07, LNCS 4610, pp , Springer, [26] J. Xu, Z. Zhang, and D. Feng, ID-based proxy signature using bilinear pairings, in PWorkshops on Parallel and Distributed Processing and Applications (ISPA 05), LNCS 3759, pp , Springer, Lunzhi Deng received his B.S. from Guizhou Normal University, Guiyang, China, in 2002; M.S. from Guizhou Normal University, Guiyang, China, in 2008; and Ph.D. from Xiamen University, Xiamen, China, in He is currently a Professor in the School of Mathematics Science, Guizhou Normal University, Guiyang, China. His recent research interests include algebra and cryptography. Huawei Huang received his B.S. from Jiangxi Normal University, Nanchang, China, in 2001; M.S. from Jiangxi Normal University, Nanchang, China, in 2004; and
7 International Journal of Network Security, Vol.19, No.2, PP , Mar (DOI: /IJNS (2).07) 235 Ph.D. from Xidian University, Xi an, China, in He is currently an Associate Professor in the School of Mathematics Science, Guizhou Normal University, Guiyang, China. His recent research interests include algebra and cryptography. Yunyun Qu received his B.S. from Wuhan University, Wuhan, China, in 2005; M.S. from Southwest University, Chongqing, China, in He is currently an Associate Professor in the School of Mathematics Science, Guizhou Normal University, Guiyang, China. His recent research interests include number theory and cryptography.
ID-based Encryption Scheme Secure against Chosen Ciphertext Attacks
ID-based Encryption Scheme Secure against Chosen Ciphertext Attacks ongxing Lu and Zhenfu Cao Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200030, P.. China {cao-zf,
More informationResearch Article Certificateless Proxy Signature from RSA
Mathematical Problems in Engineering, Article ID 373690, 10 pages http://dx.doi.org/10.1155/2014/373690 Research Article Certificateless Proxy Signature from RSA Lunzhi Deng, 1 Jiwen Zeng, 2 and Yunyun
More informationA Strong Identity Based Key-Insulated Cryptosystem
A Strong Identity Based Key-Insulated Cryptosystem Jin Li 1, Fangguo Zhang 2,3, and Yanming Wang 1,4 1 School of Mathematics and Computational Science, Sun Yat-sen University, Guangzhou, 510275, P.R.China
More informationSecurity Analysis of Some Batch Verifying Signatures from Pairings
International Journal of Network Security, Vol.3, No.2, PP.138 143, Sept. 2006 (http://ijns.nchu.edu.tw/) 138 Security Analysis of Some Batch Verifying Signatures from Pairings Tianjie Cao 1,2,3, Dongdai
More informationCryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05
Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05 Fangguo Zhang 1 and Xiaofeng Chen 2 1 Department of Electronics and Communication Engineering, Sun Yat-sen
More informationREMARKS ON IBE SCHEME OF WANG AND CAO
REMARKS ON IBE SCEME OF WANG AND CAO Sunder Lal and Priyam Sharma Derpartment of Mathematics, Dr. B.R.A.(Agra), University, Agra-800(UP), India. E-mail- sunder_lal@rediffmail.com, priyam_sharma.ibs@rediffmail.com
More informationOne-Round ID-Based Blind Signature Scheme without ROS Assumption
One-Round ID-Based Blind Signature Scheme without ROS Assumption Wei Gao 1, Xueli Wang 2, Guilin Wang 3, and Fei Li 4 1 College of Mathematics and Econometrics, Hunan University, Changsha 410082, China
More informationAn efficient variant of Boneh-Gentry-Hamburg's identity-based encryption without pairing
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2015 An efficient variant of Boneh-Gentry-Hamburg's
More informationAvailable online at J. Math. Comput. Sci. 6 (2016), No. 3, ISSN:
Available online at http://scik.org J. Math. Comput. Sci. 6 (2016), No. 3, 281-289 ISSN: 1927-5307 AN ID-BASED KEY-EXPOSURE FREE CHAMELEON HASHING UNDER SCHNORR SIGNATURE TEJESHWARI THAKUR, BIRENDRA KUMAR
More informationOn the security of Jhanwar-Barua Identity-Based Encryption Scheme
On the security of Jhanwar-Barua Identity-Based Encryption Scheme Adrian G. Schipor aschipor@info.uaic.ro 1 Department of Computer Science Al. I. Cuza University of Iași Iași 700506, Romania Abstract In
More informationSecure Certificateless Public Key Encryption without Redundancy
Secure Certificateless Public Key Encryption without Redundancy Yinxia Sun and Futai Zhang School of Mathematics and Computer Science Nanjing Normal University, Nanjing 210097, P.R.China Abstract. Certificateless
More informationOn Security of Two Nonrepudiable Threshold Multi-proxy Multi-signature Schemes with Shared Verification
International Journal of Network Security, Vol.4, No.3, PP.248 253, May 2007 248 On Security of Two Nonrepudiable Threshold Multi-proxy Multi-signature Schemes with Shared Verification Rongxing Lu, Zhenfu
More informationAn Efficient Signature Scheme from Bilinear Pairings and Its Applications
An Efficient Signature Scheme from Bilinear Pairings and Its Applications Fangguo Zhang, Reihaneh Safavi-Naini and Willy Susilo School of Information Technology and Computer Science University of Wollongong,
More informationImproved ID-based Authenticated Group Key Agreement Secure Against Impersonation Attack by Insider
All rights are reserved and copyright of this manuscript belongs to the authors. This manuscript has been published without reviewing and editing as received from the authors: posting the manuscript to
More informationConstructing Provably-Secure Identity-Based Signature Schemes
Constructing Provably-Secure Identity-Based Signature Schemes Chethan Kamath Indian Institute of Science, Bangalore November 23, 2013 Overview Table of contents Background Formal Definitions Schnorr Signature
More informationAn Efficient Signature Scheme from Bilinear Pairings and Its Applications
An Efficient Signature Scheme from Bilinear Pairings and Its Applications Fangguo Zhang, Reihaneh Safavi-Naini and Willy Susilo School of Information Technology and Computer Science University of Wollongong,
More informationSecurity Analysis of an Identity-Based Strongly Unforgeable Signature Scheme
Security Analysis of an Identity-Based Strongly Unforgeable Signature Scheme Kwangsu Lee Dong Hoon Lee Abstract Identity-based signature (IBS) is a specific type of public-key signature (PKS) where any
More informationAn Efficient ID-based Digital Signature with Message Recovery Based on Pairing
An Efficient ID-based Digital Signature with Message Recovery Based on Pairing Raylin Tso, Chunxiang Gu, Takeshi Okamoto, and Eiji Okamoto Department of Risk Engineering Graduate School of Systems and
More informationMulti-key Hierarchical Identity-Based Signatures
Multi-key Hierarchical Identity-Based Signatures Hoon Wei Lim Nanyang Technological University 9 June 2010 Outline 1 Introduction 2 Preliminaries 3 Multi-key HIBS 4 Security Analysis 5 Discussion 6 Open
More informationBoneh-Franklin Identity Based Encryption Revisited
Boneh-Franklin Identity Based Encryption Revisited David Galindo Institute for Computing and Information Sciences Radboud University Nijmegen P.O.Box 9010 6500 GL, Nijmegen, The Netherlands. d.galindo@cs.ru.nl
More informationSecure and Practical Identity-Based Encryption
Secure and Practical Identity-Based Encryption David Naccache Groupe de Cyptographie, Deṕartement d Informatique École Normale Supérieure 45 rue d Ulm, 75005 Paris, France david.nacache@ens.fr Abstract.
More informationBlind Signature Protocol Based on Difficulty of. Simultaneous Solving Two Difficult Problems
Applied Mathematical Sciences, Vol. 6, 202, no. 39, 6903-690 Blind Signature Protocol Based on Difficulty of Simultaneous Solving Two Difficult Problems N. H. Minh, D. V. Binh 2, N. T. Giang 3 and N. A.
More informationResearch Article On the Security of a Novel Probabilistic Signature Based on Bilinear Square Diffie-Hellman Problem and Its Extension
e Scientific World Journal, Article ID 345686, 4 pages http://dx.doi.org/10.1155/2014/345686 Research Article On the Security of a Novel Probabilistic Signature Based on Bilinear Square Diffie-Hellman
More informationEfficient Identity-Based Encryption Without Random Oracles
Efficient Identity-Based Encryption Without Random Oracles Brent Waters Abstract We present the first efficient Identity-Based Encryption (IBE) scheme that is fully secure without random oracles. We first
More informationSimple SK-ID-KEM 1. 1 Introduction
1 Simple SK-ID-KEM 1 Zhaohui Cheng School of Computing Science, Middlesex University The Burroughs, Hendon, London, NW4 4BT, United Kingdom. m.z.cheng@mdx.ac.uk Abstract. In 2001, Boneh and Franklin presented
More informationCryptographical Security in the Quantum Random Oracle Model
Cryptographical Security in the Quantum Random Oracle Model Center for Advanced Security Research Darmstadt (CASED) - TU Darmstadt, Germany June, 21st, 2012 This work is licensed under a Creative Commons
More informationLecture 7: Boneh-Boyen Proof & Waters IBE System
CS395T Advanced Cryptography 2/0/2009 Lecture 7: Boneh-Boyen Proof & Waters IBE System Instructor: Brent Waters Scribe: Ioannis Rouselakis Review Last lecture we discussed about the Boneh-Boyen IBE system,
More informationStrongly Unforgeable Signatures Based on Computational Diffie-Hellman
Strongly Unforgeable Signatures Based on Computational Diffie-Hellman Dan Boneh 1, Emily Shen 1, and Brent Waters 2 1 Computer Science Department, Stanford University, Stanford, CA {dabo,emily}@cs.stanford.edu
More informationType-based Proxy Re-encryption and its Construction
Type-based Proxy Re-encryption and its Construction Qiang Tang Faculty of EWI, University of Twente, the Netherlands q.tang@utwente.nl Abstract. Recently, the concept of proxy re-encryption has been shown
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationSolving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?
Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? Alexander May, Maike Ritzenhofen Faculty of Mathematics Ruhr-Universität Bochum, 44780 Bochum,
More informationApplied cryptography
Applied cryptography Identity-based Cryptography Andreas Hülsing 19 November 2015 1 / 37 The public key problem How to obtain the correct public key of a user? How to check its authenticity? General answer:
More informationA short identity-based proxy ring signature scheme from RSA
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2015 A short identity-based proxy ring signature
More informationA short ID-based proxy signature scheme
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2016 A short ID-based proxy signature scheme Maryam
More informationA Novel Strong Designated Verifier Signature Scheme without Random Oracles
1 A Novel Strong Designated Verifier Signature Scheme without Random Oracles Maryam Rajabzadeh Asaar 1, Mahmoud Salmasizadeh 2 1 Department of Electrical Engineering, 2 Electronics Research Institute (Center),
More informationFrom Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited
From Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited Julien Cathalo 1, Jean-Sébastien Coron 2, and David Naccache 2,3 1 UCL Crypto Group Place du Levant 3, Louvain-la-Neuve, B-1348, Belgium
More information[6] was based on the quadratic residuosity problem, whilst the second given by Boneh and Franklin [3] was based on the Weil pairing. Originally the ex
Exponent Group Signature Schemes and Ecient Identity Based Signature Schemes Based on Pairings F. Hess Dept. Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol,
More informationTransitive Signatures Based on Non-adaptive Standard Signatures
Transitive Signatures Based on Non-adaptive Standard Signatures Zhou Sujing Nanyang Technological University, Singapore, zhousujing@pmail.ntu.edu.sg Abstract. Transitive signature, motivated by signing
More informationCertificateless Signcryption without Pairing
Certificateless Signcryption without Pairing Wenjian Xie Zhang Zhang College of Mathematics and Computer Science Guangxi University for Nationalities, Nanning 530006, China Abstract. Certificateless public
More informationIdentity Based Undeniable Signatures
Identity Based Undeniable Signatures Benoît Libert Jean-Jacques Quisquater UCL Crypto Group Place du Levant, 3. B-1348 Louvain-La-Neuve. Belgium {libert,jjq}@dice.ucl.ac.be http://www.uclcrypto.org/ Abstract.
More informationID-Based Blind Signature and Ring Signature from Pairings
ID-Based Blind Signature and Ring Signature from Pairings Fangguo Zhang and Kwangjo Kim International Research center for Information Security (IRIS) Information and Communications University(ICU), 58-4
More informationPairing-Based Cryptographic Protocols : A Survey
Pairing-Based Cryptographic Protocols : A Survey Ratna Dutta, Rana Barua and Palash Sarkar Cryptology Research Group Stat-Math and Applied Statistics Unit 203, B. T. Road, Kolkata India 700108 e-mail :{ratna
More informationIdentity-Based Delegated Signatures
Identity-Based Delegated Signatures Yi Mu 1, Willy Susilo 1, and Yan-Xia Lin 2 1 School of IT and Computer Science University of Wollongong, Wollongong, NSW 2522, Australia 2 School of Mathematics and
More informationOutline. The Game-based Methodology for Computational Security Proofs. Public-Key Cryptography. Outline. Introduction Provable Security
The Game-based Methodology for Computational s David Pointcheval Ecole normale supérieure, CNRS & INRIA Computational and Symbolic Proofs of Security Atagawa Heights Japan April 6th, 2009 1/39 2/39 Public-Key
More informationSharing DSS by the Chinese Remainder Theorem
Sharing DSS by the Chinese Remainder Theorem Kamer Kaya,a, Ali Aydın Selçuk b a Ohio State University, Columbus, 43210, OH, USA b Bilkent University, Ankara, 06800, Turkey Abstract In this paper, we propose
More informationA new conic curve digital signature scheme with message recovery and without one-way hash functions
Annals of the University of Craiova, Mathematics and Computer Science Series Volume 40(2), 2013, Pages 148 153 ISSN: 1223-6934 A new conic curve digital signature scheme with message recovery and without
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationKatz, Lindell Introduction to Modern Cryptrography
Katz, Lindell Introduction to Modern Cryptrography Slides Chapter 12 Markus Bläser, Saarland University Digital signature schemes Goal: integrity of messages Signer signs a message using a private key
More informationA NEW ID-BASED SIGNATURE WITH BATCH VERIFICATION
Trends in Mathematics Information Center for Mathematical Sciences Volume 8, Number 1, June, 2005, Pages 119 131 A NEW ID-BASED SIGNATURE WITH BATCH VERIFICATION JUNG HEE CHEON 1, YONGDAE KIM 2 AND HYO
More informationIdentity-Based Chameleon Hash Scheme Without Key Exposure
Identity-Based Chameleon Hash Scheme Without Key Exposure Xiaofeng Chen, Fangguo Zhang, Haibo Tian, and Kwangjo Kim 1 Key Laboratory of Computer Networks and Information Security, Ministry of Education,
More informationShort Signature Scheme From Bilinear Pairings
Sedat Akleylek, Barış Bülent Kırlar, Ömer Sever, and Zaliha Yüce Institute of Applied Mathematics, Middle East Technical University, Ankara, Turkey {akleylek,kirlar}@metu.edu.tr,severomer@yahoo.com,zyuce@stm.com.tr
More informationPAIRING-BASED IDENTIFICATION SCHEMES
PAIRING-BASED IDENTIFICATION SCHEMES DAVID FREEMAN Abstract. We propose four different identification schemes that make use of bilinear pairings, and prove their security under certain computational assumptions.
More informationEfficient Identity-based Encryption Without Random Oracles
Efficient Identity-based Encryption Without Random Oracles Brent Waters Weiwei Liu School of Computer Science and Software Engineering 1/32 Weiwei Liu Efficient Identity-based Encryption Without Random
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More information1. Introduction. 2. Background of elliptic curve group. Identity-based Digital Signature Scheme Without Bilinear Pairings
Identity-based Digital Signature Scheme Without Bilinear Pairings He Debiao, Chen Jianhua, Hu Jin School of Mathematics Statistics, Wuhan niversity, Wuhan, Hubei, China, 43007 Abstract: Many identity-based
More informationResearch Article A Novel Anonymous Proxy Signature Scheme
Advances in Multimedia Volume 2012, Article ID 427961, 10 pages doi:10.1155/2012/427961 Research Article A Novel Anonymous Proxy Signature Scheme Jue-Sam Chou Department of Information Management, Nanhua
More informationCertificate-Based Signature Schemes without Pairings or Random Oracles
Certificate-Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu 1, Joonsang Baek 1, Willy Susilo 2, and Jianying Zhou 1 1 Cryptography and Security Department Institute for Infocomm
More informationThe Cramer-Shoup Strong-RSA Signature Scheme Revisited
The Cramer-Shoup Strong-RSA Signature Scheme Revisited Marc Fischlin Johann Wolfgang Goethe-University Frankfurt am Main, Germany marc @ mi.informatik.uni-frankfurt.de http://www.mi.informatik.uni-frankfurt.de/
More informationA New Attack on RSA with Two or Three Decryption Exponents
A New Attack on RSA with Two or Three Decryption Exponents Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France nitaj@math.unicaen.fr http://www.math.unicaen.fr/~nitaj
More informationRing Signatures without Random Oracles
Ring Signatures without Random Oracles Sherman S. M. Chow 1, Joseph K. Liu 2, Victor K. Wei 3 and Tsz Hon Yuen 3 1 Department of Computer Science Courant Institute of Mathematical Sciences New York University,
More informationA DL Based Short Strong Designated Verifier Signature Scheme with Low Computation
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 27, 451-463 (2011) A DL Based Short Strong Designated Verifier Signature Scheme with Low Computation HAN-YU LIN, TZONG-SUN WU + AND YI-SHIUNG YEH Department
More informationIdentity-Based Aggregate Signatures
Identity-Based Aggregate Signatures Craig Gentry 1, and Zulfikar Ramzan 2 1 Stanford University cgentry@cs.stanford.edu 2 DoCoMo Communications Laboratories USA, Inc. ramzan@docomolabs-usa.com Abstract.
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44
More informationBreaking Plain ElGamal and Plain RSA Encryption
Breaking Plain ElGamal and Plain RSA Encryption (Extended Abstract) Dan Boneh Antoine Joux Phong Nguyen dabo@cs.stanford.edu joux@ens.fr pnguyen@ens.fr Abstract We present a simple attack on both plain
More informationSchnorr Signature. Schnorr Signature. October 31, 2012
. October 31, 2012 Table of contents Salient Features Preliminaries Security Proofs Random Oracle Heuristic PKS and its Security Models Hardness Assumption The Construction Oracle Replay Attack Security
More informationPAPER An Identification Scheme with Tight Reduction
IEICE TRANS. FUNDAMENTALS, VOL.Exx A, NO.xx XXXX 200x PAPER An Identification Scheme with Tight Reduction Seiko ARITA, Member and Natsumi KAWASHIMA, Nonmember SUMMARY There are three well-known identification
More informationLattice-based Multi-signature with Linear Homomorphism
Copyright c 2016 The Institute of Electronics, Information and Communication Engineers SCIS 2016 2016 Symposium on Cryptography and Information Security Kumamoto, Japan, Jan. 19-22, 2016 The Institute
More informationA New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm
A New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm Min-Shiang Hwang Cheng-Chi Lee Shiang-Feng Tzeng Department of Management Information System National Chung Hsing University
More informationGentry IBE Paper Reading
Gentry IBE Paper Reading Y. Jiang 1 1 University of Wollongong September 5, 2014 Literature Craig Gentry. Practical Identity-Based Encryption Without Random Oracles. Advances in Cryptology - EUROCRYPT
More informationG Advanced Cryptography April 10th, Lecture 11
G.30-001 Advanced Cryptography April 10th, 007 Lecturer: Victor Shoup Lecture 11 Scribe: Kristiyan Haralambiev We continue the discussion of public key encryption. Last time, we studied Hash Proof Systems
More informationRing Group Signatures
Ring Group Signatures Liqun Chen Hewlett-Packard Laboratories, Long Down Avenue, Stoke Gifford, Bristol, BS34 8QZ, United Kingdom. liqun.chen@hp.com Abstract. In many applications of group signatures,
More informationNew Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts
New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts Allison Lewko University of Texas at Austin alewko@cs.utexas.edu Brent Waters University of Texas at Austin bwaters@cs.utexas.edu
More informationImpossible Differential Attacks on 13-Round CLEFIA-128
Mala H, Dakhilalian M, Shakiba M. Impossible differential attacks on 13-round CLEFIA-128. JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 26(4): 744 750 July 2011. DOI 10.1007/s11390-011-1173-0 Impossible Differential
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More information(Convertible) Undeniable Signatures without Random Oracles
Convertible) Undeniable Signatures without Random Oracles Tsz Hon Yuen 1, Man Ho Au 1, Joseph K. Liu 2, and Willy Susilo 1 1 Centre for Computer and Information Security Research School of Computer Science
More informationPractical Hierarchical Identity Based Encryption and Signature schemes Without Random Oracles
Practical Hierarchical Identity Based Encryption and Signature schemes Without Random Oracles Man Ho Au 1, Joseph K. Liu 2, Tsz Hon Yuen 3, and Duncan S. Wong 4 1 Centre for Information Security Research
More informationAnonymous Proxy Signature with Restricted Traceability
Anonymous Proxy Signature with Restricted Traceability Jiannan Wei Joined work with Guomin Yang and Yi Mu University of Wollongong Outline Introduction Motivation and Potential Solutions Anonymous Proxy
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationRemove Key Escrow from The Identity-Based Encryption System
Remove Key Escrow from The Identity-Based Encryption System Zhaohui Cheng, Richard Comley and Luminita Vasiu School of Computing Science, Middlesex University, White Hart Lane, London N17 8HR, UK. {m.z.cheng,r.comley,l.vasiu}@mdx.ac.uk
More informationKey-Exposure Free Chameleon Hashing and Signatures Based on Discrete Logarithm Systems
Key-Exposure Free Chameleon Hashing and Signatures Based on Discrete Logarithm Systems Xiaofeng Chen, Fangguo Zhang, Haibo Tian, Baodian Wei, and Kwangjo Kim 1 School of Information Science and Technology,
More informationShort Unique Signatures from RSA with a Tight Security Reduction (in the Random Oracle Model)
Short Unique Signatures from RSA with a Tight Security Reduction (in the Random Oracle Model) Hovav Shacham UC San Diego and UT Austin Abstract. A signature scheme is unique if for every public key and
More informationA Pairing-Based DAA Scheme Further Reducing TPM Resources
A Pairing-Based DAA Scheme Further Reducing TPM Resources Ernie Brickell Intel Corporation ernie.brickell@intel.com Jiangtao Li Intel Labs jiangtao.li@intel.com Abstract Direct Anonymous Attestation (DAA)
More informationProxy Re-Signature Schemes without Random Oracles
An extended abstract of this paper appears in Indocrypt 2007, K. Srinathan, C. Pandu Rangan, M. Yung (Eds.), volume 4859 of LNCS, pp. 97-209, Sringer-Verlag, 2007. Proxy Re-Signature Schemes without Random
More informationRecent Advances in Identity-based Encryption Pairing-free Constructions
Fields Institute Workshop on New Directions in Cryptography 1 Recent Advances in Identity-based Encryption Pairing-free Constructions Kenny Paterson kenny.paterson@rhul.ac.uk June 25th 2008 Fields Institute
More informationAn Identification Scheme Based on KEA1 Assumption
All rights are reserved and copyright of this manuscript belongs to the authors. This manuscript has been published without reviewing and editing as received from the authors: posting the manuscript to
More informationComparing With RSA. 1 ucl Crypto Group
Comparing With RSA Julien Cathalo 1, David Naccache 2, and Jean-Jacques Quisquater 1 1 ucl Crypto Group Place du Levant 3, Louvain-la-Neuve, b-1348, Belgium julien.cathalo@uclouvain.be, jean-jacques.quisquater@uclouvain.be
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationA Practical Elliptic Curve Public Key Encryption Scheme Provably Secure Against Adaptive Chosen-message Attack
A Practical Elliptic Curve Public Key Encryption Scheme Provably Secure Against Adaptive Chosen-message Attack Huafei Zhu InfoComm Security Department, Institute for InfoComm Research. 21 Heng Mui Keng
More informationToward Hierarchical Identity-Based Encryption
Toward Hierarchical Identity-Based Encryption Jeremy Horwitz and Ben Lynn Stanford University, Stanford, CA 94305, USA, {horwitz blynn}@cs.stanford.edu Abstract. We introduce the concept of hierarchical
More informationOn Security Proof of McCullagh-Barreto s Key Agreement Protocol and its Variants
On Security Proof of McCullagh-Barreto s Key Agreement Protocol and its Variants Zhaohui Cheng School of Computing Science, Middlesex University The Burroughs, Hendon, London, UK E-mail: m.z.cheng@mdx.ac.uk
More informationA Signature Scheme based on Asymmetric Bilinear Pairing Functions
A Signature Scheme based on Asymmetric Bilinear Pairing Functions Routo Terada 1 and Denise H. Goya 2 1 University of São Paulo, Brasil rt@ime.usp.br 2 University of São Paulo, Brasil dhgoya@ime.usp.br
More informationCryptography from Pairings
DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 1 Cryptography from Pairings Kenny Paterson kenny.paterson@rhul.ac.uk May 31st 2007 DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 2 The Pairings Explosion
More informationPairing-Based Identification Schemes
Pairing-Based Identification Schemes David Freeman Information Theory Research HP Laboratories Palo Alto HPL-2005-154 August 24, 2005* public-key cryptography, identification, zero-knowledge, pairings
More informationAn Identity-Based Signature from Gap Diffie-Hellman Groups
An Identity-Based Signature from Gap Diffie-Hellman Groups Jae Choon Cha 1 and Jung Hee Cheon 2 1 Department of Mathematics Korea Advanced Institute of Science and Technology Taejon, 305 701, Korea jccha@knot.kaist.ac.kr
More informationSynchronized Aggregate Signatures from the RSA Assumption
Synchronized Aggregate Signatures from the RSA Assumption Susan Hohenberger Johns Hopkins University susan@cs.jhu.edu Brent Waters UT Austin bwaters@cs.utexas.edu January 18, 2018 Abstract In this work
More informationRecent Advances in Identity-based Encryption Pairing-based Constructions
Fields Institute Workshop on New Directions in Cryptography 1 Recent Advances in Identity-based Encryption Pairing-based Constructions Kenny Paterson kenny.paterson@rhul.ac.uk June 25th 2008 Fields Institute
More informationSome Security Comparisons of GOST R and ECDSA Signature Schemes
Some Security Comparisons of GOST R 34.10-2012 and ECDSA Signature Schemes Trieu Quang Phong Nguyen Quoc Toan Institute of Cryptography Science and Technology Gover. Info. Security Committee, Viet Nam
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More information